SAN FRANCISCO – 9th April, 2025 – BlackFog, the leader in ransomware prevention and anti data exfiltration (ADX), today revealed findings from analysis of ransomware activity from January to March across publicly disclosed and non-disclosed attacks.
This data shows that the number of publicly disclosed ransomware attacks for the first quarter of this year has reached its highest level for this period since BlackFog’s records started in 2020.
Key findings for January to March
Number of disclosed ransomware attacks breaks previous records
- The first quarter of 2025 saw record-breaking numbers of publicly disclosed ransomware attacks, with a total of 278 incidents, marking a 45% increase compared to Q1 2024.
- March set a new high, recording the largest number of disclosed attacks since BlackFog began tracking in 2020, with 107 attacks. This is an 81% increase compared with March 2024.
- Both January and February also set new monthly records for disclosed attacks, with increases from 2024 of 22% and 36%, respectively.
Services, Healthcare and Government are most targeted sectors
In terms of disclosed attacks, healthcare was the most targeted sector with 57 attacks, followed by the services industry, which recorded 44 attacks, and the government sector with 30 attacks. Together, attacks on these three sectors accounted for nearly half (47%) of all disclosed incidents in the quarter.
Number of unreported incidents continues to rise
The figures for undisclosed attacks reveal the true extent of the rise in ransomware. Across the quarter there were 2,124 undisclosed attacks, marking a 113% increase compared to the same period in 2024. This highlights that companies are still failing to publicly disclose ransomware incidents when they are targeted.
The services industry was the hardest hit accounting for 22% (475) of all undisclosed attacks in Q1.
RansomHub continues to dominate
Following a swathe of attacks in 2024, RansomHub continued to be amongst the most active ransomware groups and was responsible for 9% of disclosed attacks in the first three months of 2025 (a total of 24 attacks).
Following on was Qilin, accounting for 15 attacks and Akira with 14 attacks. Other groups accounted for 81% (225) of all disclosed attacks.
Data exfiltration rate climbs higher than ever
The rate of data exfiltration has continued to rise, with 95% of all publicly disclosed attacks in this period involving data exfiltration.
Commenting on the findings, Dr. Darren Williams, Founder and CEO of BlackFog. said:
“Ransomware incident volumes are reaching unprecedented levels. This presents ongoing challenges for organisations dealing with attackers focused on disruption, data theft and extortion. Different groups will emerge and disband, but they all focus on the same end goal, data exfiltration.”
Methodology
This report was generated in part from data collected by BlackFog Enterprise over the specific report period January – March 2025. It highlights significant events that prevented or reduced the risk of ransomware or a data breach and provides insights into global trends for benchmarking purposes. This report contains anonymized information about data movement across hundreds of organizations and should be used to assess risk associated with cybercrime.
Industry classifications are based upon the ICB classification for Supersector used by the York Stock Exchange (NYSE).
All recorded events are based upon data exfiltration from the device endpoint across all major platforms.
BlackFog’s State of Ransomware reports for January – March 2025 can be accessed here: https://www.blackfog.com/the-state-of-ransomware-2025/
About BlackFog
Founded in 2015, BlackFog is a global AI based cybersecurity company that has pioneered on-device anti data exfiltration (ADX) technology to protect organizations from ransomware and data loss. With more than 94% of all attacks involving some form of data exfiltration, preventing this has become critical in the fight against extortion, the loss of customer data and trade secrets.
BlackFog recently won the “Best Threat Intelligence Technology” in the 2024 Teiss Awards, “AI-based Cybersecurity Innovation of the Year” award in the CyberSecurity Breakthrough Awards, as well as the 2024 Fortress Data Protection award for its pioneering ADX technology. BlackFog also won Gold at the Globee awards in 2024 for best Data Loss Prevention and the State of Ransomware report which recognizes outstanding contributions in securing the digital landscape.
Trusted by hundreds of organizations all over the world, BlackFog is redefining modern cybersecurity practices. For more information visit blackfog.com
Media Contact:
Related Posts
BlackFog Report Reveals Record Number of Ransomware Attacks from January to March
BlackFog reports a record-breaking surge in ransomware attacks Q1 2025, with 278 disclosed cases and a 113% rise in undisclosed incidents.
AI for Network Security and Monitoring: Enhancing Cyber Defense
What opportunities do AI ransomware protection tools offer to cybersecurity pros?
Log4Shell – Understanding the Vulnerability and Mitigation Steps
Learn about Log4Shell, its impact on industries, and effective mitigation strategies. Discover how proactive defenses, like BlackFog's ADX technology, can protect your systems from ransomware and data exfiltration.
Ransomware Attacks on macOS and Other Apple Devices: A Growing Threat
Apple devices are no longer immune to ransomware. Attacks on macOS and iOS are rising, with threats like NotLockBit emerging. Learn why Apple is a target and how to protect your devices from evolving cyber risks.
The State of Ransomware 2025
BlackFog's state of ransomware report 2025 measures publicly disclosed and non-disclosed attacks globally.
AI and Ransomware Prevention: How Smart Tech can Outsmart Cybercriminals
What opportunities do AI ransomware protection tools offer to cybersecurity pros?